0

We have our head office, which has a static IP and two Windows servers: a domain server and a file server.

We have another office that only has a router and a PC (with a static IP address). My aim is to connect using a VPN, which is easy enough. However, to connect to the printer at the remote location, do I need to open port 445 for this to work? Also, I have read that port 445 is a dangerous port to open to everybody, so would you suggest restricting port 445 to the 2 static IP addresses, or does anyone have any suggestions for a better way to do this?

Liam Sorsby
  • Normally all ports are open on a VPN, unless you have a reason to distrust one of the machines that connects to the VPN. It is possible to firewall the VPN connection, but not common in a situation like you describe where you have a main office and a branch office. – Quinten Aug 16 '13 at 14:22
  • Sorry, I didn't mean close the ports, I meant limit the ports on the router. Basically both machines have static IP addresses and I don't really think it's a secure option to keep port 445 open and forwarding everyone to the machine. Should I only forward from the 2 static IPs? – Liam Sorsby Aug 16 '13 at 14:31
  • Where is your VPN connection? On the router/firewall at the branch office (a normal place to put it) or some other client device at the branch office? If the VPN is only on client devices, you don't need to open any printer ports on the router. The VPN traffic is all tunneled over the VPN port, those are the only ports that need to be open on the router to allow tunneled VPN traffic of any protocol through. I assumed you were talking about ports on a firewall device that handled the VPN connection. I agree with TomTom, you may need to go back to basics on this question. – Quinten Aug 16 '13 at 14:49
  • Sorry to re-open this. Can someone confirm: when the VPN connection is established with the server and a static IP address has been set on the client machine, is the local static IP address with the server, or is it with the router it is going through? – Liam Sorsby Aug 29 '13 at 15:52
  • Hi Liam, I can't really make sense of your question. I recommend asking a consultant for further help or starting with a book that goes over main concepts. It sounds like you need some advice on a basic networking level. Alternatively, just set up a lab or test environment and verify some of the concepts for yourself. – Quinten Aug 29 '13 at 19:34

2 Answers

1

Ah, reality check: A VPN is there to create a virtual network. So, "open port 445" does not mean "to the world" but "to YOUR network" which in this case goes over the VPN to the remote location, too.

A good book about networking basics may be in order - you seem to have a misunderstanding of what a VPN is, fundamentally.

TomTom
  • Right, the VPN will be created; however, I mean to network the printer from the PC at the remote location to be printed to from our location. Is this the same concept? – Liam Sorsby Aug 16 '13 at 11:48
0

Create the VPN between the 2 locations (either lan-to-lan via the 2 routers, or a client VPN from the remote PC to the main office).

If the printer is physically connected to the remote PC, install it on the remote PC and share it out from the remote PC as well (near the end of the printer install).

Set up the head office with the ability to print to the remote printer by installing it as \\remotecomputer\sharedprinter.

At that point on a lan-2-lan VPN you can always print from head office to the remote printer THROUGH the remote computer (which must be on). On a VPN where the remote computer VPNs into the head office, remote printing would only work after the VPN is established by the remote computer.

If the printer is IP based, then you'll either need to go lan-2-lan VPN and connect to the printer via its IP, or you can still go the above route and share it out on the remote computer as well if the remote computer will be the VPN client back to the head office.

Final alternative, if all you are after is printing to the remote office (which seems unlikely since the remote office should have a need to get to the DC and file server), would be to set up port forwarding on the remote office router to the printer and limit the source IP to the WAN IP of the head office. Then set up a local TCP/IP printer on a computer at the head office using the WAN IP of the remote office router as the printer's "IP".

Hope that helps.

TheCleaner
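
The source-IP restriction described in the final alternative above can be checked against a router's forwarding table. The following is an added example, not part of the original answer: it assumes a hypothetical rule export format, documentation-range addresses in place of the real WAN IPs, and TCP 9100 as the printer's port.

```python
import ipaddress

# Constructed sample data: documentation-range addresses stand in for real WAN IPs.
HEAD_OFFICE_WAN = "203.0.113.10"
# 445 is the port discussed in the question; 9100 (raw printing) is an assumption.
SENSITIVE_PORTS = {445: "SMB", 9100: "raw printing (assumed printer port)"}

# Hypothetical export of the branch router's port-forward table.
FORWARDS = [
    {"name": "printer-restricted", "wan_port": 9100, "source": "203.0.113.10/32", "target": "192.168.1.50:9100"},
    {"name": "smb-open", "wan_port": 445, "source": "0.0.0.0/0", "target": "192.168.1.20:445"},
    {"name": "printer-wide", "wan_port": 9100, "source": "203.0.113.0/24", "target": "192.168.1.50:9100"},
]

def audit_forwards(forwards, allowed_sources):
    """Return (rule name, finding) for every forward on a sensitive port whose
    source range admits addresses outside the allowed list."""
    allowed = [ipaddress.ip_network(a) for a in allowed_sources]
    findings = []
    for rule in forwards:
        service = SENSITIVE_PORTS.get(rule["wan_port"])
        if service is None:
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        if any(src.subnet_of(net) for net in allowed):
            continue  # every address the rule admits is an approved one
        scope = "any Internet host" if src.prefixlen == 0 else f"{src.num_addresses} addresses in {src}"
        findings.append((rule["name"], f"{service} on port {rule['wan_port']} reachable from {scope}"))
    return findings

def source_permitted(forwards, wan_port, client_ip):
    """True if some forward for wan_port accepts traffic from client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return any(
        r["wan_port"] == wan_port and ip in ipaddress.ip_network(r["source"], strict=False)
        for r in forwards
    )

if __name__ == "__main__":
    for name, finding in audit_forwards(FORWARDS, [HEAD_OFFICE_WAN + "/32"]):
        print(f"{name}: {finding}")
```

Only the first constructed rule matches the answer's advice; the other two are flagged because their source range admits hosts other than the head office.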